Latest news of the domain name industry

Recent Posts

Donuts says DPML now covers “millions” of trademark variants as price rockets again

Kevin Murphy, October 1, 2018, Domain Registrars

Donuts has added more than a third to the price of its Domain Protected Marks List service, as it adds a new feature it says vastly increases the number of domains trademark owners can block.

The company has added homograph attack protection to DPML, so trademark-owning worrywarts can block variations of their brand that contain confusing non-Latin characters in addition to all the domain variants DPML already takes out of the available pool.

An example of a homograph, offered by Donuts, would be the domain xn--ggle-0nda.com, which can display as “gοοgle.com” and which contains two Cyrillic o-looking characters but is pretty much indistinguishable from “google.com”.

Donuts reckons this could mean “millions” of domains could be blocked, potentially preventing all kinds of phishing attacks, but one suspects the actual number per customer rather depends on how many potentially confusable Latin characters appear in the brands they want to protect.

DPML is a block service that prevents others from registering domains matching or closely matching customers’ trademarks. Previous additions to the service have included typo protection.

The new feature supports Cyrillic and Greek scripts, the two that Donuts says most homograph attacks use.

The company explained it to its registrars like this:

The Donuts system will analyze the content of each SLD identified in a DPML subscription, breaking it down to its individual characters. Each character is then “spun” against Unicode’s list of confusable characters and replaced with all viable IDN “glyphs” supported by Donuts TLDs. This spinning results in potentially millions of IDN permutations of a brand’s trademark which may be considered easily confusable to an end user. Each permutation is then blocked (removed from generally available inventory) just like other DPML labels, meaning it can only be registered via an “Override” by a party holding a trademark on the same label.

While this feature comes at no additional cost, Donuts is increasing its prices from January 1, the second big increase since DPML went live five years ago.

Donuts declined to disclose its wholesale price when asked, but I’ve seen registrars today disclose new pricing of $6,000 to $6,600 for a five-year block.

That compares to retail pricing in the $2,500 to $3,000 range back in 2013.

Hexonet said it will now charge its top-flight resellers $6,426 per create, compared to the $4,400 it started charging when DPML prices last went up at the start of last year. OpenProvider has also added two grand to its prices.

Donuts said the price increase also reflects the growth of its portfolio of gTLDs over the last few years. It now has 241, 25% more than at the last price increase.

Nominet to charge brands for no-name Whois access

Kevin Murphy, April 23, 2018, Domain Registries

Nominet has become the second major registry to announce that trademark lawyers will have to pay for Whois after the EU General Data Protection Regulation comes into effect next month.

The company said late last week that it will offer the intellectual property community two tiers of Whois access.

First, they can pay for a searchable Whois with a much more limited output.

Nominet said that “users of the existing Searchable WHOIS who are not law enforcement will continue to have access to the service on a charged-for basis however the registrant name and address will be redacted”.

Second, they can request the full Whois record (including historical data) for a specific domain and get a response within one business day for no charge.

Approved law enforcement agencies will continue to get unfettered access to both services — with “enhanced output” for the searchable Whois — for no charge, Nominet said.

These changes were decided upon following a month-long consultation which accepted comments from interested parties.

Other significant changes incoming include:

  • Scrapping UK-presence requirements for second-level registrations.
  • Doing away with the current privacy services framework, offloading GDPR liability to registrars providing such services.
  • Creating a standard opt-in mechanism for registrants who wish for their personal data to be disclosed in public Whois.

Nominet is the second registry I’m aware of to say it will charge brand owners for Whois access, after CoCCA 10 days ago.

CoCCA has since stated that it will sell IP owners a PDF containing the entire unredacted Whois history of a domain for $3, if they declare that they have a legitimate interest in the domain.

It also said they will be able to buy zone file access to the dozens of TLDs running on the CoCCA platform for $88 per TLD.

Famous Four following .sucks playbook with premium pricing for brands?

New gTLD registry Famous Four Media has slapped general availability prices of $500 and up on domain names matching famous brands.

The company plans to shortly introduce eight “premium” pricing tiers, ranging from $200 a year to $10,000 a year.

The first to launch, on July 8, will be its “brand protection tier”, which will carry a $498 registry fee.

Famous Four told its registrars that the tier “will provide an additional deterrent to cyber-squatters for well-known brands ensuring that domain names in this tier will not be eligible for price promotions”.

The gTLDs .date, .faith and .review will be first to use the tiered pricing structure.

It’s not entirely clear what brands will be a part of the $498 tier, or how the registry has compiled its list, but registrars have been given the ability to ask for their clients’ trademarks to be included.

I asked Famous Four for clarification a few days ago but have not yet had a response.

While other registries, such as Donuts, used tiered pricing for GA domains, I’m only aware of one other that puts premium prices on brands: .sucks.

Vox Populi has a trademark-heavy list of .sucks domains it calls Market Premium — formerly Sunrise Premium — that carry a $1,999-a-year registry fee.

Unlike Vox Pop, Famous Four does not appear to be planning a subsidy that would make brand-match domains available at much cheaper prices to third parties.

Famous Four’s gTLDs have seen huge growth in the last month or two, largely because it’s been selling domains at a loss.

.science, for example, has over 300,000 registrations — making it the third-largest new gTLD — because Famous Four’s registry fee has been discounted to just $0.25 from May to July.

The same discount applies to .party (over 195,000 names in its zone) and .webcam (over 60,000).

Those three gTLDs account for exactly half of the over 22,000 spam attacks that used new gTLD domains in March and April, according to Architelos’ latest abuse report.

With names available at such cheap prices, it would not be surprising if cybersquatters are abusing these gTLDs as much as the spammers.

Will intellectual property owners believe a $498+ reg fee is a useful deterrent to cybersquatting?

Or will they look upon this move as “predatory”, as they did with .sucks?

Only 2% of phishing attacks use cybersquatted domain names

Kevin Murphy, October 25, 2012, Domain Registries

The number of cybersquatted domain names being used for phishing is falling sharply and currently stands at just 2% of attacks, according to the Anti-Phishing Working Group.

The APWG’s first-half 2012 report (pdf) identified 64,204 phishing domains in total.

Of those, the group believes that only 7,712 (12%) were actually registered by the phishers themselves. The rest belonged to innocent third parties and had been compromised.

That’s a steep drop from 12,895 domains in the second half of 2011 and 14,650 in the first half of 2011.

Of the 7,712 phisher-owned domains, about 66% were being use to phish Chinese targets, according to the APWG.

The group’s research found only 1,350 that contained a brand name or a misspelling of a brand name.

That’s down from 2,232 domains in the second-half of 2011, representing just 2% of all phishing domains and 17% of phisher-owned domains.

The report states:

Most maliciously registered domain strings offered nothing to confuse a potential victim. Placing brand names or variations thereof in the domain name itself is not a favored tactic, since brand owners are proactively scanning Internet zone files for such names.

As we have observed in the past, the domain name itself usually does not matter to phishers, and a domain name of any meaning, or no meaning at all, in any TLD, will usually do.

Instead, phishers almost always place brand names in subdomains or subdirectories. This puts the misleading string somewhere in the URL, where potential victims may see it and be fooled. Internet users are rarely knowledgeable enough to be able to pick out the “base” or true domain name being used in a URL.

Taken as a percentage of attacks, brand-jacking is clearly a pretty low-occurrence offence, according to the APWG’s numbers.

In absolute numbers, it works out to about 7.5 domain names per day that are being use to phish and contain a variation of the brand name being targeted.

Unsurprisingly, the APWG found that Freedom Registry’s .tk — which offers free registration — is the TLD being abused most often to register domains for phishing attacks.

More than half of the phisher-owned domains were in .tk, according to the report.

Stop the nonsense about TLD-squatting

Kevin Murphy, January 19, 2012, Domain Policy

Barely a day has passed recently without a news report about how companies are being forced to apply for new top-level domains to prevent cybersquatters moving in on their brands.

It’s complete nonsense, of course, brought about by a lack of basic research coupled with years of bad feeling towards the domain name industry and an ICANN new gTLDs outreach campaign that spent six months failing to effectively tackle widely held misconceptions.

Cybersquatters are not going to apply for new gTLDs. If they do, they won’t be approved.

Unfortunately, this does not mean that we’re not going to see lots of “defensive” new gTLD applications.

Due to the way the program is structured, it may actually make strategic sense for some companies to apply for a dot-brand gTLD even if they are otherwise pretty clueless about domain names.

It worries me to think that a few years from now the TLD space – which is currently running at almost 100% utilization – will start to resemble the second level in pretty much every major TLD, with lots of essentially unused, redundant defensive domain names.

I don’t think this will be good for the domain name industry or ICANN.

That said, what looks good for ICANN and the domain name industry is of little concern to brand owners – they just want to make sure their brands are not damaged by the program.

I’ve written a 4,500-word paper analyzing the actual need for companies to file “defensive” gTLD applications, which is now available to DomainIncite PRO subscribers.

Companies that can’t apply for .brand gTLDs say they have decided not to apply for .brand gTLDs

Kevin Murphy, November 8, 2011, Domain Policy

Hewlett-Packard and Proctor & Gamble have ruled themselves out of applying to ICANN for .brand top-level domains, or so they claim.

Bloomberg yesterday reported a distinct lack of enthusiasm for new gTLDs from many large brands, leading with quotes from P&G and HP:

P&G, the world’s largest consumer products company with more than 50 brands including Tide detergent, Pampers diapers and Crest toothpaste, won’t apply for new suffixes, said Paul Fox, a spokesman. HP, the biggest computer maker, considers the program costly and has no plans to take part, said Gary Elliott, vice president of global marketing.

“A lot of companies are looking at the same math as we are and saying, ‘Let’s stop this proposal from happening,’” Elliott said in an interview. “There’s a tremendous amount of confusion about what this means and what the costs are.”

HP’s Elliot is chairman of the Association of National Advertisers, the most vocal opponent of the new gTLD program, as the Bloomberg report notes.

One fact the report doesn’t mention – and I’d bet Elliot didn’t volunteer – is that HP and P&G cannot apply for .hp or .pg due to ICANN’s strict three-character minimum for new gTLD strings.

HP had campaigned for ICANN to scrap the two-character prohibition for a number of years, though it usually also noted that in principle it was opposed to the program.

Nevertheless, it strikes me as disingenuous for the company to say it’s decided against a .brand on the basis of cost, when ICANN essentially made its decision for it years ago.

P&G, which mostly makes cosmetics and toiletries, has also ruled out applying for gTLDs to represent any of its 50 or so well-known brands, Bloomberg reported.

The internet will have to go without .tampax and .pampers for the foreseeable future.

General Motors, Wal-Mart, Adobe, Porsche, Vodafone and Puma are all generally negative on the program but are still evaluating their options, according to Bloomberg.

It’s quite possible that these outfits are just as opposed to the new gTLD program as HP and P&G.

But if they’ve been talking to consultants, they will also have been advised not to publicly talk about their applications. Nothing can be gained by going public before April 12.

With 86 days to go, the cost of new gTLDs is still unknown

Kevin Murphy, October 18, 2011, Domain Policy

If you’re planning to apply for a new generic top-level domain or two, wouldn’t it be nice to know how much it’s going to cost you?

It’s less than three months before ICANN opens the floodgates to new gTLD applicants, but you’re probably not going to find out how big your bank account needs to be until the last minute.

With 86 days on the clock until the application window opens, and 177 until it closes, there are still at least two huge pricing policies that have yet to be finalized by ICANN.

The first relates to reduced application fees and/or financial support handouts for worthy applicants from developing nations. I’ll get to that in a separate piece before Dakar.

The second is the controversial Continued Operations Instrument, a cash reserve designed to ensure that new gTLDs continue to operate even if the registry manager goes out of business.

In the current Applicant Guidebook, prospective registries are told to prove that they have enough money – either with a letter of credit or in a cash escrow – to keep their gTLD alive for three years.

To be clear, the COI money doesn’t go into ICANN’s coffers; applicants just need to show that the cash exists, somewhere.

The funds would be used to pay the Emergency Back-End Registry Operator (whichever company that turns out to be) in the event of a catastrophic gTLD business failure.

With hundreds of new gTLDs predicted, many of them likely to be laughably naive, we’re likely to see plenty of such failures.

With that in mind, ICANN wants to make sure that registrants and end users are not impacted by too much downtime if they put their faith in incompetent or unlucky registries.

It is estimated that the COI will amount to a six-figure sum for almost all commercial registries. For generics with a higher projected registration volume it could easily run into the millions.

It’s controversial for a number of reasons.

First, it raises the financial bar to applying considerably.

Forget the $185,000 application fee. Under the COI provision, applicants need to be flush enough to be able to leave millions of dollars dormant in escrow for at least five years.

It’s been sensibly argued that this money would be better devoted to making sure the registry doesn’t fail in the first place.

Second, even though the Guidebook gives .brand applicants the ability to shut down their gTLDs without the risk of another provider taking them over, it also expects them to create a COI.

This appears to be an unnecessary waste of cash. If a single-registrant .brand gTLD fails, the registry itself is the only registrant affected and the COI is essentially redundant.

Third, some applicants are thinking about low-balling their business model projections in order to keep their COI to a manageable amount.

This, as the better new gTLD consultants will tell you, could be a bad idea. When applications are reviewed the evaluators will be looking for discrepancies like this.

If you’re making one set of financial projections to investors and another to ICANN, you risk losing points on and possibly failing the evaluation.

Anyway, with all this in mind (and with apologies for burying the lead) ICANN has just said that it’s thinking about completely revamping the COI policy before applications are accepted.

Seriously.

ICANN’s Registry Stakeholder Group community has made a proposal – which appears to be utterly sensible on the face of it – that would reduce costs by pooling the risk among successful applicants.

The RySG said it that the COI “should not be so burdensome as to actually become a roadblock to the success of new registries by causing capital to be tied up unduly.”

Rather than putting up enough cash to cover its own failure, each successful applicant would pay $50,000 up-front into a Continued Operations Fund that would cover all potential registry failures.

The COF would be administered by ICANN (or possibly a third party), and would be capped at $20 million. In a round of 400 new gTLDs, that target would be reached immediately.

If the COF fell short of $20 million, each registry would have to pay $0.05 per domain name per year into the fund until the cap was reached.

It’s a shared-risk insurance model, essentially.

While ICANN’s COI policy is ultra-cautious, implicitly assuming that ALL new gTLDs could simultaneously fail, the COF proposal assumes that only a small subset will.

Reverse-engineering the RySG’s numbers, the COF appears to cover the risk of failure for registries representing some 10 million domain-years.

ICANN has opened up the proposal to public comments until December 2.

This means we’re unlikely to see any concrete action to approve or reject the COF alternative until, at the earliest, about a month before the first round application window opens.

ICANN likes cutting things fine, doesn’t it?

M+M offers .brand gTLDs from $25k

Kevin Murphy, September 21, 2011, Domain Registries

Minds + Machines is promoting its gTLD registry services to brand owners at the International Trademark Association meeting in Washington DC, revealing prices as low as $25,000 a year.

Its .brand package covers preparing and filing the application with ICANN and then running the technical back-end.

The company also appears to have introduced a price ceiling of $100,000 a year for .brand clients, according to a press release.

M+M is even offering to throw in a private, ICANN-accredited registrar. I believe the company may be the first registry to publicize this kind of bundled service.

The company is targeting brand owners that may not be convinced by the attractiveness of a .brand, and may have no clue what to do with one, but which nevertheless do not want to be left behind in the event that the second round of new gTLD applications is delayed for many years.

M+M CEO Antony Van Couvering is quoted as saying:

There are a lot of innovative ways for brands to use new gTLDs, but most brands want to first secure their gTLD for a reasonable price, and maybe use it internally, before deciding on the next step.

M+M, which hired former ICANN chair Peter Dengate Thrush as chairman in June, has been among the most aggressive marketers of new gTLDs (which are, after all, it’s entire raison d’etre).

Its enthusiasm has already caused a couple of raised eyebrows.

A teaser announcement from M+M earlier this week, which mentioned how its “registry platform is connected with all major registrars, including MarkMonitor” caused MarkMonitor to issue a clarification stating that it has “no business relationship” with the company.

While MarkMonitor is plugged into CoCCA, the registry platform that handles dozens of ccTLDs, it is not plugged into Espresso, which is M+M’s in-house version of the open-source CoCCA software, the company said in a blog post.

(UPDATE: M+M’s Antony Van Couvering notes in the comments below that MarkMonitor accepts .fm registrations, and that the .fm registry uses Espresso)

CoCCA itself felt compelled to issue a statement in July, clarifying that CoCCA and M+M are not working together on Espresso, as some had inferred from an M+M interview.

Beckstrom strikes back at ANA threat

Kevin Murphy, August 10, 2011, Domain Policy

ICANN president Rod Beckstrom has come out swinging against the latest attack on its new top-levels domains program, promising to “vigorously defend” it.

In his response to a harshly critical missive from the Association of National Advertisers, Beckstrom calls ANA’s claims “either incorrect or problematic in several respects”.

I think “firmly worded” would be an appropriate way to characterize his letter (pdf).

In it, he notes that the new gTLD program has been on the cards since 1998, and has been developed over several years using input from the entire ICANN community, including ANA itself.

He further states that some of the complaints outlined by ANA president Bob Liodice show a lack of research.

As I noted in my interview with Liodice yesterday, ANA seems to think cybersquatting at the top-level will be enabled unless companies defensively apply for their “.brand” gTLDs.

Beckstrom said that these statements “demonstrate a lack of understanding of Program details”.

The letter suggests that companies have no choice but to apply for their own gTLDs. Operating a gTLD means assuming a number of significant responsibilities; this is clearly not for everyone. Indeed, it is hoped that those without an interest in making a contribution to expanded choice or innovation in the DNS will not apply. One clear directive of the consensus policy advice on which the program is built is that TLDs should not infringe the existing legal rights of others. The objection process and other safeguards eliminate the need for “defensive” gTLD applications, because where an infringement of legal rights can be established using these processes, an application will not be approved.

The response goes on to outline some of the mandatory second-level trademark protection mechanisms that have been included in the program’s Applicant Guidebook.

ICANN is arguably on shakier ground here – making use of these mechanisms is still going to cost brand owners time and money, which is the basis of ANA’s objections.

The question now is whether Beckstrom’s responses will be enough to get ANA to call off the dogs.

He has offered to talk to ANA to “to discuss how the ANA might participate more actively in the policy development activities and other ICANN processes going forward”.

That’s specifically not an offer to get into negotiations with ANA about the contents of the Guidebook or to delay the launch of the program.

That was never going to happen, particularly not in response to a thirteenth-hour complaint from an organization that hasn’t commented on the program for the last two years.

Liodice said yesterday that unless ICANN agrees to suspend the program, ANA plans to lobby the US Congress, its Department of Commerce, and may sue.

Reaction from the domain name industry to Beckstrom’s letter has so far been predictably positive.